Lyle Frink

5 May 2011

CARO: Half of all computers running vulnerable versions of Adobe PDF Reader

Half of all avast! users are running older versions of Adobe Reader that are vulnerable to a variety of malware attacks.

The avast! Virus Lab found that 49.41% of avast! users were using the older Adobe Reader versions as of the end of April. The number was also surprisingly stable, dropping by around five percentage points from the early March level of 55.71%.

“The numbers were a surprise to us,” said Jiri Sejtko, head virus analyst. “Because the avast! user pool is so large, this is a statistically significant indication of how vulnerable all computers are around the world.” The Virus Lab obtained the data on Adobe Readers from a global survey of users in the avast! CommunityIQ sensor system.

The older versions of Adobe Reader are vulnerable to a variety of infected PDF files. Detecting these files was the theme of the Virus Lab’s “Grabbing the PDF by the tail” presentation at the CARO 2011 Workshop in Prague.

The technical presentation primarily looked at the difference between structural heuristics and JavaScript heuristics. Structural heuristics work on a limited subset of files and focus on the PDF format and some file abnormalities. JavaScript heuristic rules have wider, almost complete coverage.

“PDFs are an ideal channel for spreading malware,” said Jindrich Kubec, head of the avast! Virus Lab. “The bad guys don’t sleep, so combining detection techniques is really the way to go for antivirus programs. For users, they need to make sure that their PDF reader is fully updated.”

 
